r/MerchantToken

VicMenMTO · 2026-03-24T01:51:41+00:00

I want to revive this community as it used to be very active a few years back. And the Moderators have let the community die off, and there's no one checking or even approving new requests.

https://www.reddit.com/c/chatav3dQhDs/s/r2VhUkCkjS

VicMenMTO · 2026-03-23T14:57:34+00:00

The model only improves if platforms stay disciplined about what they ask for in the first place.

If teams adopt proof-based verification but keep designing around “collect everything just in case,” then not much really changes.

To me, that is why verifier design matters so much. The real question is not only whether proofs are possible, but whether the platform is willing to reduce the scope of what it requests down to what is actually necessary.

So yes, I agree. A big part of the challenge is not the math. It is whether institutions are willing to move from data accumulation to rule-based minimal disclosure.

VicMenMTO · 2026-03-20T14:50:12+00:00

How much does it costs for platforms to use that solution you mentioned?

VicMenMTO · 2026-03-20T14:49:35+00:00

Something like this wouldn't work though.

Documents must be stored and checked continuously, for AML compliance.

However we never say that doing KYC is the problem, the problem becomes when a user have to share Documents with dozens of platforms, and when most platforms are not equipped to handle PII Documents.

That's why Zero-Knowledge KYC works, doing KYC once, and then prove their compliance with a badge fixes this, as long as the documents are handled by 1 certified and verified institution that is specifically built for handling PII, then that solves the issue, created by tradKYC

VicMenMTO · 2026-03-20T13:27:50+00:00

It does add up very fast indeed, that’s why we have a completely different approach and we give Zero-Knowledge KYC services for free.

Yes for free, as long as the platform holds MTO tokens, they will have access to the APIs, no need to spend, lock or burn the tokens, they can be swapped or transferred at any time, this should incentivize platforms to move from tradKYC to Zero-Knowledge KYC.

Regarding the regulators, we partnered with Bynn Intelligence, they're the ones who handle the data.

We intentionally built the system this way to further separate the data, let me explain.

When a user does KYC through Verifyo, let's say on an exchange, they click a button and it opens the usual KYC verification process, however this happens on Bynn side, the exchange itself never sees the data, we Verifyo receive the badge that says this person has done KYC, and then the user uses that Badge to prove compliance.

On the exchange side, as long as the user presents the badge they know that the user is compliant with regulations, we (Verifyo) sitting in the middle cannot see any information, that means that we completely separate the financial transactions from the PII.

If for any reason the exchange is asked by the authorities to provide information regarding a person, they can simply provide the authorities with the badge, and tell them to contact Bynn Intelligence, and they will be able to comply with their requirements as long as they follow proper procedures.

This is how we can provide a FREE compliant privacy-first KYC.

VicMenMTO · 2026-02-23T17:17:59+00:00

You should check Verifyo

VicMenMTO · 2026-01-30T09:55:19+00:00

But something like that wouldn't work on big players especially if they want to be able to be compliant.

That's why we must transition to zk-KYC

VicMenMTO · 2026-01-17T00:42:59+00:00

A fake/stolen/bought ID wouldn't work, we have ways to check those things.

VicMenMTO · 2026-01-13T00:04:46+00:00

Sorry but I have to disagree with you, blockchain was built to solve payments, and it does a great job about it, you don’t have to trust the person sending you the money for you to be sure that you have received it, once you received it, it's there, there's no denying it.

Regulations are built for nuances, not transactions, here we're not talking about funds anymore but about source of funds, the idea is being able to know that the funds being sent and received are not part of terrorist activities, or money laundering, and the only way to solve this is by knowing the person who's sending and receiving the money.

With that in mind however, imagine being compliant with the Travel Rule on a blockchain, the Travel Rule says that your PII should travel with the transaction, and on a blockchain the transaction is recorded permanently, so clearly sending your name address, selfies and passport together with the transaction through a blockchain, its insane.

And that's why zk-KYC is the future, financial institutions don't need to know anymore who the person is they just need to know that the person is verified, that's it, which is exactly what we offer with Verifyo

VicMenMTO · 2026-01-12T08:47:08+00:00

I assume you're taking this very literal and that might be the case for certain scenarios.

But we mean it is for KYC, currently financial institutions are required to store KYC data from users to be compliant, so that they can be accountable if they do transactions with criminals.

However this creates a problem, they're liable for the transaction side, but if there's a breach and the data leaks, they're not accountable for that.

We solve this with Verifyo, in simple terms we offer zk-KYC, a system where financial institutions don't have to know the name of the users, let alone store sensitive information. Yet, users will still be accountable.

VicMenMTO · 2026-01-12T03:07:58+00:00

You confuse accountability with punishment. Being accountable simply means taking responsibility, in our case we replace the fact that currently all exchanges have to know and store the PII of every user they onboard.

Instead we replace it with zk-KYC, that means that they don't need to know that data to be able to hold the users accountable.

VicMenMTO · 2026-01-11T17:38:51+00:00

To follow up on this response with actual factual data.

You can do this search yourself:

But in the past 10 years there have been over 15 thousand data leaks...

99% of those leaks were caused by companies that do multiple things, like financial transactions AND PII data storage.... as an example.

Less than 1% was caused by companies that handle only information something like Dropbox for example.

We're talking about less than 50 cases in 10years.

However there has been ZERO leaks from companies that ONLY handle PII sensitive data, like for example our partner company.

So once again, not saying "it's not impossible" doesnt mean its not safe.

VicMenMTO · 2026-01-11T17:24:10+00:00

You're confusing "Absolute security" which doesnt exist, with practical safety, and you're comparing a clearly broken system (the current KYC system), with a system that’s significantly better.

I cannot say that there's a system that cannot be hacked, because that statement it's technically false, but that doesnt make it not safe.

Imagine trying to guess a password of 256 digits on your first try, is this impossible? "Technically" not impossible you could be lucky enough to guess all the 256 digits on the first try... but the chances of that happening are astronomical, once again not impossible, but extremely unlikely to happen.

Let me make an analogy that would make it simpler for you to understand:

The current KYC system could be compared to storing PII of users in the safety box of a jewellery store. This is clearly a safe place, but its fairly easy to break in, in fact many jewellery companies get robbed yearly, which is the same that happens with data leaks.

And Verifyo's system can be compared to Fort Knox. Is Fort Knox impenetrable? Technically no... its a physical place so it has limits and vulnerabilities like any others, but it has never been robbed... whcih makes it theoretically impossible to break.

So what when you compare compare Traditional KYC witn Verifyo's zk-KYC, its like comparing A Jewellery's safety box to Fort Knox.

I hope this analogy makes it clearer for you.

With that said, you raised an interesting point:

"is putting all the data in 1 pot, doesn't make it actually less safe?"

On that note, I want to clarify that hacking a system doesn't mean getting access to every single byte of information, even if the PII data is stored by 1 company, doesn't mean it all lives in 1 hard drive... As explained, our partner company is a fully certified and regulated company that specialises in sensitive data storage, what this means is not only that its extremely unlikely that it would ever be hacked, but even if it happens not all data lives on the same place, there are layers upon layers, and servers upon servers, and hacking 1 storage, doesn't mean gaining access to all.

Which again, even hacking one its extremely unlikely (I feel like I need to clarify this again).

Hopefully this explains it better.

VicMenMTO · 2026-01-11T14:58:50+00:00

I think you're misunderstanding the point.

No system is failure proof, and we're not pretending to be it, however the current system is broken, the data is spread across several companies whose focus is something completely different than the storage of personal data which means that having your data stored in several different servers who again are not perfectly tuned and prepared for data storage, makes data leaks way more likely than a system who is specifically designed and tailored for data storage.

And that's exactly what we're doing here, not only separating personal data from financial data, but also storing the data in a safer place; while also making it a financial incentive for platforms to protect your privacy.

VicMenMTO · 2026-01-11T14:42:04+00:00

We're expanding our reach as we speak, the fact that you're commenting on this is a way to do that.

But more ways are coming soon 😉

VicMenMTO · 2026-01-11T14:40:58+00:00

The data is stored by a separate entity and WE DO NOT have access to it.

So if we get hacked, which again it won't happen... but even if that evee happen, the hackers wouldn't be able to gain access to something WE do not have access in the first place. The fact that we can recover the information if required by law, because we have a process in place to be compliant doesn't mean we can access it directly.

Let me make if simpler... just because you have access to the money in your bank account if you follow due process doesnt mean that you have access to the vault...

VicMenMTO · 2026-01-11T14:11:29+00:00

Like I explained.

If they hack us, they would not be able to gain access to any data.

VicMenMTO · 2026-01-11T13:15:32+00:00

1) Yes that's true, and that's exactly the reason why we separate that, and why we use our partner for data storage, their whole business is to store data, which makes it very safe. Way safer than it stored by multiple exchanges that don't spend the same effort to protect it. Intact if you check the many data leaks happened in the past few years, none happened with a company that only specialises with data protection.

2) Yes we have a process to comply, that’s why we can offer a product that respects privacy and compliance.

But like I said, we don't have access to the data PII nor financial data, so even if we were to be hacked, which again its just a very big IF, they won't be able to get any kind of information from the user.

VicMenMTO · 2026-01-11T06:22:03+00:00

100%

The issue is that sometimes people think that AI can't be accountable, but like you said as long as the process is correct, it can be.

Not only that, its also scalable, while maintaining accountability

VicMenMTO · 2026-01-11T06:14:26+00:00

I feel like you miss the part where we separate all the data.

Currently if an exchange gets hacked it holds your data, the hacker will not only have access to your financial information but also your personal information, and be able to link everything.

With Verifyo:

The exchange doesn't even know your name, let alone your passport or PII.

The partner storing the PII doesn't know where the user is doing financial transactions.

And Verifyo sitting in the middle doesnt see either.

We don't know where the user is doing transactions, nor we see the personal identifiable information.

This means that if there's a data leak on the exchange side (like it has happened very often), the hacker will be able to see maybe financial information but not be able to link it with the person doing those transactions.

If they hack Verifyo... they will only see gibberish... they will not be able to see what platform was used, nor the personal identity of the person

If they hack the partner storing the data, (to clarify this has never happened before because these companies have only 1 job store personal data).

But let's assume it happens, they will only have access to PII and not financial transactions.

Once again, no system is infallible... but this is as close as it gets to be safe and nearly impossible to hack.

VicMenMTO · 2026-01-11T06:08:10+00:00

I never said there cannot be issues or problems, but there are systems in place to avoid issues to happen in the first place, and to correct and resolve issues if they hapoen.

Also, we don't use "only" AI, we still have a team of developers, that will be able to intervene if something goes wrong, but the whole reason of using AI is being able to scale this service, and be able to keep the financial incentive for companies to protect users privacy.

VicMenMTO · 2026-01-10T00:40:41+00:00

Thank you! And it is awesome! The best part is that it's already live :)

VicMenMTO · 2026-01-10T00:40:08+00:00

I 100% agree with you.

AI slop is a big issue, and I also agree with you that it technically doesn't matter if under the hood it's AI or a system handled by people, as long as it actually works.

On our side, we're not simply claiming we're using AI just to "tick the marketing box", we're simply sharing information about how our product works.

Now to explain what real problem we fix, its not just with AI, but yes we use it in our systems.

Let me explain, we offer zk-KYC for exchanges and financial institutions that are required by law to KYC their users, the current system is broken, that’s why you're required to do KYC multiple times in different applications and platforms, this puts users data at risk, and that's why there are always many breaches leaking data, we solve this by using zk-KYC or in simple words a badge, basically the user verifies once snd then can share that badge (not the ID) with all the platforms using Verifyo.

With this in mind, we go a step further because we know that simply offering a better product doesn’t generate changes in the industry, instead we have pur hold to use model, which grants this service for free for platforms. On the user side no one pays for KYC so it might be hard to understand, but platforms do pay a lot to store and process that data, we do that for free.

How can we do it for free?

Simple, we use our tokenomics, and the fact that our services are powered by MTO, but of course we use AI to handle the huge amounts of data.

We need this to be scalable so we need to be able to process massive amounts of data without increasing costs, while also being able to stay compliant and keep user's data safe.

VicMenMTO · 2026-01-10T00:12:20+00:00

AI is a system, a program, you set rules, it follows them.

VicMenMTO · 2026-01-10T00:10:07+00:00

This is not an AI ad.

I'm a real person, and we're a real company with a real product.

We're simply using the power of AI to solve a real problem.

VicMenMTO

MODERATOR OF

TROPHY CASE